Overview

overview

10

Static

static

3

d71340b536...bf.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-11-2024 00:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d71340b536d7c3c08adf557a7aa62c73ce4d28c4d45919a1c443e267dfa7edbf.exe

  • Size

    7.0MB

  • MD5

    2314bc20d7df32f3bbe8999824a89b8d

  • SHA1

    007ffea653cbefc42be0d53461ee787cbf0b8bba

  • SHA256

    d71340b536d7c3c08adf557a7aa62c73ce4d28c4d45919a1c443e267dfa7edbf

  • SHA512

    a18fb528dc78512a45db2539e94f9748278562a24a73ab5a26825f3fcd99e4f41c793cbfc963c2294142dfb59fb4d022416f4de3c25ba55b89abbbf6b1fd8c1d

  • SSDEEP

    196608:K3C1dMxliUN9V98ELBLsElalB+ZsfK9WXak4:Efie9VyKBfY+qC9W

Score
10/10
amadeylummastealcxworm9c9aa5marscredential_accessdiscoveryevasionexecutionpersistenceratspywarestealertrojan

Malware Config

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

rc4.plain

Extracted

Family

lumma

C2

https://powerful-avoids.sbs

https://motion-treesz.sbs

https://disobey-curly.sbs

https://leg-sate-boat.sbs

https://story-tense-faz.sbs

https://blade-govern.sbs

https://occupy-blushi.sbs

https://frogs-severz.sbs

https://property-imper.sbs

Extracted

Family

stealc

Botnet

mars

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Extracted

Family

xworm

Version

5.0

C2

backto54.duckdns.org:8989

helldog24.duckdns.org:8989
Mutex

7Fvn9wsSHJeXUB5q

Attributes
  • install_file

    USB.exe

aes.plain

Extracted

Family

lumma

C2

https://blade-govern.sbs/api

https://story-tense-faz.sbs/api

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Amadey family
    amadey
  • Detect Xworm Payload 1 IoCs
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 11 IoCs
    evasiontrojan
  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Stealc family
    stealc
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Enumerates VirtualBox registry keys 2 TTPs 1 IoCs
    evasion
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 11 IoCs
    evasion
  • Downloads MZ/PE file
  • Uses browser remote debugging 2 TTPs 11 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • Checks BIOS information in registry 2 TTPs 22 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 17 IoCs
  • Identifies Wine through registry keys 2 TTPs 11 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 2 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Windows security modification 2 TTPs 3 IoCs
    evasiontrojan
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 7 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 11 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 25 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 15 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Enumerates system info in registry 2 TTPs 11 IoCs
  • Kills process with taskkill 5 IoCs
    evasion
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 30 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 31 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\d71340b536d7c3c08adf557a7aa62c73ce4d28c4d45919a1c443e267dfa7edbf.exe
    "C:\Users\Admin\AppData\Local\Temp\d71340b536d7c3c08adf557a7aa62c73ce4d28c4d45919a1c443e267dfa7edbf.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4016
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\B0s53.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\B0s53.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:864
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\T5h09.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\T5h09.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4344
        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1t88s7.exe
          C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1t88s7.exe
          4⤵
          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
          • Checks BIOS information in registry
          • Checks computer location settings
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:2016
          • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
            "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
            5⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Checks computer location settings
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Adds Run key to start application
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:3652
            • C:\Users\Admin\AppData\Local\Temp\1009342001\VBVEd6f.exe
              "C:\Users\Admin\AppData\Local\Temp\1009342001\VBVEd6f.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Checks processor information in registry
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:2312
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                7⤵
                • Uses browser remote debugging
                • Enumerates system info in registry
                • Modifies data under HKEY_USERS
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of WriteProcessMemory
                PID:2388
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffff438cc40,0x7ffff438cc4c,0x7ffff438cc58
                  8⤵
                    PID:4380
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2028,i,7156650104962309732,4481369165523341079,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2020 /prefetch:2
                    8⤵
                      PID:3364
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1884,i,7156650104962309732,4481369165523341079,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2132 /prefetch:3
                      8⤵
                        PID:408
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,7156650104962309732,4481369165523341079,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2304 /prefetch:8
                        8⤵
                          PID:2596
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,7156650104962309732,4481369165523341079,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
                          8⤵
                          • Uses browser remote debugging
                          PID:2396
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3232,i,7156650104962309732,4481369165523341079,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
                          8⤵
                          • Uses browser remote debugging
                          PID:3268
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4468,i,7156650104962309732,4481369165523341079,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4376 /prefetch:1
                          8⤵
                          • Uses browser remote debugging
                          PID:1884
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4760,i,7156650104962309732,4481369165523341079,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4208 /prefetch:8
                          8⤵
                            PID:5668
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4920,i,7156650104962309732,4481369165523341079,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4928 /prefetch:8
                            8⤵
                              PID:5692
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                            7⤵
                            • Uses browser remote debugging
                            • Enumerates system info in registry
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                            • Suspicious use of FindShellTrayWindow
                            PID:3500
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff8081746f8,0x7ff808174708,0x7ff808174718
                              8⤵
                              • Checks processor information in registry
                              • Enumerates system info in registry
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5768
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,3853672106441393654,10007458845584302458,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
                              8⤵
                                PID:2464
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,3853672106441393654,10007458845584302458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
                                8⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:4496
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,3853672106441393654,10007458845584302458,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2504 /prefetch:2
                                8⤵
                                  PID:5828
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,3853672106441393654,10007458845584302458,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2676 /prefetch:2
                                  8⤵
                                    PID:5204
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,3853672106441393654,10007458845584302458,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2424 /prefetch:8
                                    8⤵
                                      PID:5396
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,3853672106441393654,10007458845584302458,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2420 /prefetch:2
                                      8⤵
                                        PID:1140
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,3853672106441393654,10007458845584302458,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3344 /prefetch:2
                                        8⤵
                                          PID:5576
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2032,3853672106441393654,10007458845584302458,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
                                          8⤵
                                          • Uses browser remote debugging
                                          PID:1704
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2032,3853672106441393654,10007458845584302458,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
                                          8⤵
                                          • Uses browser remote debugging
                                          PID:3492
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,3853672106441393654,10007458845584302458,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3340 /prefetch:2
                                          8⤵
                                            PID:2080
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,3853672106441393654,10007458845584302458,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3248 /prefetch:2
                                            8⤵
                                              PID:3808
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,3853672106441393654,10007458845584302458,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3844 /prefetch:2
                                              8⤵
                                                PID:3296
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,3853672106441393654,10007458845584302458,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3848 /prefetch:2
                                                8⤵
                                                  PID:5948
                                              • C:\Windows\SysWOW64\cmd.exe
                                                "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\Admin\AppData\Local\Temp\1009342001\VBVEd6f.exe" & rd /s /q "C:\ProgramData\CBAFIDAECBGC" & exit
                                                7⤵
                                                • System Location Discovery: System Language Discovery
                                                PID:6692
                                                • C:\Windows\SysWOW64\timeout.exe
                                                  timeout /t 10
                                                  8⤵
                                                  • System Location Discovery: System Language Discovery
                                                  • Delays execution with timeout.exe
                                                  PID:6588
                                            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1009351041\PeRVAzl.ps1"
                                              6⤵
                                              • Suspicious use of SetThreadContext
                                              • Command and Scripting Interpreter: PowerShell
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:4752
                                              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                7⤵
                                                • System Location Discovery: System Language Discovery
                                                • Suspicious behavior: EnumeratesProcesses
                                                • Suspicious use of AdjustPrivilegeToken
                                                • Suspicious use of SetWindowsHookEx
                                                PID:5148
                                            • C:\Users\Admin\AppData\Local\Temp\1009454001\5dcbb72d2b.exe
                                              "C:\Users\Admin\AppData\Local\Temp\1009454001\5dcbb72d2b.exe"
                                              6⤵
                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                              • Checks BIOS information in registry
                                              • Executes dropped EXE
                                              • Identifies Wine through registry keys
                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:5184
                                              • C:\Windows\SysWOW64\WerFault.exe
                                                C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 1656
                                                7⤵
                                                • Program crash
                                                PID:5872
                                              • C:\Windows\SysWOW64\WerFault.exe
                                                C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 1416
                                                7⤵
                                                • Program crash
                                                PID:628
                                              • C:\Windows\SysWOW64\WerFault.exe
                                                C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 1692
                                                7⤵
                                                • Program crash
                                                PID:5776
                                            • C:\Users\Admin\AppData\Local\Temp\1009455001\dd3afc8fea.exe
                                              "C:\Users\Admin\AppData\Local\Temp\1009455001\dd3afc8fea.exe"
                                              6⤵
                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                              • Checks BIOS information in registry
                                              • Executes dropped EXE
                                              • Identifies Wine through registry keys
                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:5276
                                            • C:\Users\Admin\AppData\Local\Temp\1009456001\701ff1219c.exe
                                              "C:\Users\Admin\AppData\Local\Temp\1009456001\701ff1219c.exe"
                                              6⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious use of FindShellTrayWindow
                                              • Suspicious use of SendNotifyMessage
                                              PID:2000
                                              • C:\Windows\SysWOW64\taskkill.exe
                                                taskkill /F /IM firefox.exe /T
                                                7⤵
                                                • System Location Discovery: System Language Discovery
                                                • Kills process with taskkill
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:3976
                                              • C:\Windows\SysWOW64\taskkill.exe
                                                taskkill /F /IM chrome.exe /T
                                                7⤵
                                                • System Location Discovery: System Language Discovery
                                                • Kills process with taskkill
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:5708
                                              • C:\Windows\SysWOW64\taskkill.exe
                                                taskkill /F /IM msedge.exe /T
                                                7⤵
                                                • System Location Discovery: System Language Discovery
                                                • Kills process with taskkill
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:1272
                                              • C:\Windows\SysWOW64\taskkill.exe
                                                taskkill /F /IM opera.exe /T
                                                7⤵
                                                • System Location Discovery: System Language Discovery
                                                • Kills process with taskkill
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:2576
                                              • C:\Windows\SysWOW64\taskkill.exe
                                                taskkill /F /IM brave.exe /T
                                                7⤵
                                                • System Location Discovery: System Language Discovery
                                                • Kills process with taskkill
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:5140
                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                                7⤵
                                                  PID:5156
                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                                    8⤵
                                                    • Checks processor information in registry
                                                    • Modifies registry class
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    • Suspicious use of FindShellTrayWindow
                                                    • Suspicious use of SendNotifyMessage
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:3488
                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2040 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af97a9b6-9a95-4628-9d39-501add57319a} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" gpu
                                                      9⤵
                                                        PID:612
                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2476 -parentBuildID 20240401114208 -prefsHandle 2468 -prefMapHandle 2460 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45de941b-e8d1-4ee7-ba90-b1af468ec5da} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" socket
                                                        9⤵
                                                          PID:228
                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2964 -childID 1 -isForBrowser -prefsHandle 2832 -prefMapHandle 1684 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07aae296-322c-4daf-946d-e25c84aef1ca} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" tab
                                                          9⤵
                                                            PID:4872
                                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4000 -childID 2 -isForBrowser -prefsHandle 3996 -prefMapHandle 3992 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e502dd44-2050-4fa4-8435-9e72ad40202f} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" tab
                                                            9⤵
                                                              PID:5208
                                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3672 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4656 -prefMapHandle 4652 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58d52ce2-e791-405c-aa8d-857a3ce9e307} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" utility
                                                              9⤵
                                                              • Checks processor information in registry
                                                              PID:6168
                                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5220 -childID 3 -isForBrowser -prefsHandle 5264 -prefMapHandle 5260 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94b989c3-75ab-412e-bc97-1abd11c75265} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" tab
                                                              9⤵
                                                                PID:2256
                                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5420 -childID 4 -isForBrowser -prefsHandle 5340 -prefMapHandle 5348 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdb6acf5-13b5-40a6-96d1-8104a93a440d} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" tab
                                                                9⤵
                                                                  PID:5368
                                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5572 -childID 5 -isForBrowser -prefsHandle 5312 -prefMapHandle 5320 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec34deb0-f0b1-4f7d-9e13-6ee4be3139cb} 3488 "\\.\pipe\gecko-crash-server-pipe.3488" tab
                                                                  9⤵
                                                                    PID:5320
                                                            • C:\Users\Admin\AppData\Local\Temp\1009457001\79d2c60732.exe
                                                              "C:\Users\Admin\AppData\Local\Temp\1009457001\79d2c60732.exe"
                                                              6⤵
                                                              • Modifies Windows Defender Real-time Protection settings
                                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                              • Checks BIOS information in registry
                                                              • Executes dropped EXE
                                                              • Identifies Wine through registry keys
                                                              • Windows security modification
                                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                              • System Location Discovery: System Language Discovery
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              • Suspicious use of AdjustPrivilegeToken
                                                              PID:6776
                                                            • C:\Users\Admin\AppData\Local\Temp\1009458001\eb3ffc280d.exe
                                                              "C:\Users\Admin\AppData\Local\Temp\1009458001\eb3ffc280d.exe"
                                                              6⤵
                                                              • Enumerates VirtualBox registry keys
                                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                              • Checks BIOS information in registry
                                                              • Checks computer location settings
                                                              • Executes dropped EXE
                                                              • Identifies Wine through registry keys
                                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                              • System Location Discovery: System Language Discovery
                                                              • Checks processor information in registry
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              PID:1144
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
                                                                7⤵
                                                                • Uses browser remote debugging
                                                                • Enumerates system info in registry
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                PID:3216
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x174,0x178,0x17c,0x98,0x180,0x7ffff0d0cc40,0x7ffff0d0cc4c,0x7ffff0d0cc58
                                                                  8⤵
                                                                    PID:2372
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2044,i,3899506130198543839,16587988252083602054,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2040 /prefetch:2
                                                                    8⤵
                                                                      PID:4632
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1956,i,3899506130198543839,16587988252083602054,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2080 /prefetch:3
                                                                      8⤵
                                                                        PID:2996
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2308,i,3899506130198543839,16587988252083602054,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2436 /prefetch:8
                                                                        8⤵
                                                                          PID:804
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9222 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3236,i,3899506130198543839,16587988252083602054,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
                                                                          8⤵
                                                                          • Uses browser remote debugging
                                                                          PID:5988
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9222 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3280,i,3899506130198543839,16587988252083602054,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:1
                                                                          8⤵
                                                                          • Uses browser remote debugging
                                                                          PID:5484
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9222 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4608,i,3899506130198543839,16587988252083602054,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4332 /prefetch:1
                                                                          8⤵
                                                                          • Uses browser remote debugging
                                                                          PID:6344
                                                                      • C:\Users\Admin\AppData\Local\Temp\service123.exe
                                                                        "C:\Users\Admin\AppData\Local\Temp\service123.exe"
                                                                        7⤵
                                                                        • Executes dropped EXE
                                                                        • Loads dropped DLL
                                                                        • System Location Discovery: System Language Discovery
                                                                        PID:4448
                                                                      • C:\Windows\SysWOW64\schtasks.exe
                                                                        "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\Admin\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
                                                                        7⤵
                                                                        • System Location Discovery: System Language Discovery
                                                                        • Scheduled Task/Job: Scheduled Task
                                                                        PID:2732
                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 1900
                                                                        7⤵
                                                                        • Program crash
                                                                        PID:6844
                                                                • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2k5210.exe
                                                                  C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2k5210.exe
                                                                  4⤵
                                                                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                  • Checks BIOS information in registry
                                                                  • Executes dropped EXE
                                                                  • Identifies Wine through registry keys
                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                  • System Location Discovery: System Language Discovery
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:4424
                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 1648
                                                                    5⤵
                                                                    • Program crash
                                                                    PID:1768
                                                              • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3a36L.exe
                                                                C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3a36L.exe
                                                                3⤵
                                                                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                • Checks BIOS information in registry
                                                                • Executes dropped EXE
                                                                • Identifies Wine through registry keys
                                                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                • System Location Discovery: System Language Discovery
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:5100
                                                            • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4J089A.exe
                                                              C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4J089A.exe
                                                              2⤵
                                                              • Modifies Windows Defender Real-time Protection settings
                                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                              • Checks BIOS information in registry
                                                              • Executes dropped EXE
                                                              • Identifies Wine through registry keys
                                                              • Windows security modification
                                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                              • System Location Discovery: System Language Discovery
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              • Suspicious use of AdjustPrivilegeToken
                                                              PID:3716
                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4424 -ip 4424
                                                            1⤵
                                                              PID:1308
                                                            • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                              "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                              1⤵
                                                                PID:5072
                                                              • C:\Windows\system32\svchost.exe
                                                                C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                1⤵
                                                                  PID:3460
                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 372 -p 5184 -ip 5184
                                                                  1⤵
                                                                    PID:5380
                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5184 -ip 5184
                                                                    1⤵
                                                                      PID:5628
                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5184 -ip 5184
                                                                      1⤵
                                                                        PID:5816
                                                                      • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                        C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                        1⤵
                                                                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                        • Checks BIOS information in registry
                                                                        • Executes dropped EXE
                                                                        • Identifies Wine through registry keys
                                                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:5776
                                                                      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                        1⤵
                                                                          PID:6272
                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 372 -p 1144 -ip 1144
                                                                          1⤵
                                                                            PID:4464
                                                                          • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                            C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                            1⤵
                                                                            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                            • Checks BIOS information in registry
                                                                            • Executes dropped EXE
                                                                            • Identifies Wine through registry keys
                                                                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            PID:6388
                                                                          • C:\Users\Admin\AppData\Local\Temp\service123.exe
                                                                            C:\Users\Admin\AppData\Local\Temp\/service123.exe
                                                                            1⤵
                                                                            • Executes dropped EXE
                                                                            • Loads dropped DLL
                                                                            PID:6424

                                                                          Network

                                                                          MITRE ATT&CK Enterprise v15

                                                                          Reconnaissance

                                                                          Resource Development

                                                                          Initial Access

                                                                          Execution

                                                                          Command and Scripting Interpreter

                                                                          1
                                                                          T1059

                                                                          PowerShell

                                                                          1
                                                                          T1059.001

                                                                          Scheduled Task/Job

                                                                          1
                                                                          T1053

                                                                          Scheduled Task

                                                                          1
                                                                          T1053.005

                                                                          Persistence

                                                                          Boot or Logon Autostart Execution

                                                                          1
                                                                          T1547

                                                                          Registry Run Keys / Startup Folder

                                                                          1
                                                                          T1547.001

                                                                          Create or Modify System Process

                                                                          1
                                                                          T1543

                                                                          Windows Service

                                                                          1
                                                                          T1543.003

                                                                          Modify Authentication Process

                                                                          1
                                                                          T1556

                                                                          Scheduled Task/Job

                                                                          1
                                                                          T1053

                                                                          Scheduled Task

                                                                          1
                                                                          T1053.005

                                                                          Privilege Escalation

                                                                          Boot or Logon Autostart Execution

                                                                          1
                                                                          T1547

                                                                          Registry Run Keys / Startup Folder

                                                                          1
                                                                          T1547.001

                                                                          Create or Modify System Process

                                                                          1
                                                                          T1543

                                                                          Windows Service

                                                                          1
                                                                          T1543.003

                                                                          Scheduled Task/Job

                                                                          1
                                                                          T1053

                                                                          Scheduled Task

                                                                          1
                                                                          T1053.005

                                                                          Defense Evasion

                                                                          Impair Defenses

                                                                          2
                                                                          T1562

                                                                          Disable or Modify Tools

                                                                          2
                                                                          T1562.001

                                                                          Modify Authentication Process

                                                                          1
                                                                          T1556

                                                                          Modify Registry

                                                                          3
                                                                          T1112

                                                                          Virtualization/Sandbox Evasion

                                                                          3
                                                                          T1497

                                                                          Credential Access

                                                                          Credentials from Password Stores

                                                                          1
                                                                          T1555

                                                                          Credentials from Web Browsers

                                                                          1
                                                                          T1555.003

                                                                          Modify Authentication Process

                                                                          1
                                                                          T1556

                                                                          Steal Web Session Cookie

                                                                          1
                                                                          T1539

                                                                          Unsecured Credentials

                                                                          4
                                                                          T1552

                                                                          Credentials In Files

                                                                          4
                                                                          T1552.001

                                                                          Discovery

                                                                          Browser Information Discovery

                                                                          1
                                                                          T1217

                                                                          Query Registry

                                                                          9
                                                                          T1012

                                                                          System Information Discovery

                                                                          5
                                                                          T1082

                                                                          System Location Discovery

                                                                          1
                                                                          T1614

                                                                          System Language Discovery

                                                                          1
                                                                          T1614.001

                                                                          Virtualization/Sandbox Evasion

                                                                          3
                                                                          T1497

                                                                          Lateral Movement

                                                                          Collection

                                                                          Data from Local System

                                                                          3
                                                                          T1005

                                                                          Command and Control

                                                                          Exfiltration

                                                                          Impact

                                                                          Replay Monitor

                                                                          Loading Replay Monitor...

                                                                          Downloads

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                                                            Filesize

                                                                            40B

                                                                            MD5

                                                                            0cbe49c501b96422e1f72227d7f5c947

                                                                            SHA1

                                                                            4b0be378d516669ef2b5028a0b867e23f5641808

                                                                            SHA256

                                                                            750530732cba446649e872839c11e7b2a44e9fb5e053fc3b444678a5a8b262ac

                                                                            SHA512

                                                                            984ea25c89baf0eb1d9f905841bda39813a94e2d1923dfb42d7165f15c589bd7ff864040ec8f3f682f3c57702498efff15a499f7dc077dd722d84b47cf895931

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
                                                                            Filesize

                                                                            44KB

                                                                            MD5

                                                                            f57c45434583dfaae2a14b61d391ef6f

                                                                            SHA1

                                                                            9d3e148ee29d7d43a62febe2aeb05bea9b86c116

                                                                            SHA256

                                                                            852cf2a83ff8c24a0bb9cd211fa0a64a1b60d9013265b1b5228be9f1cf17c2d0

                                                                            SHA512

                                                                            99d06ef6fe42589cfe3260d021f3acbee80c74bb3f03692c6672adc6e87641d3e47bb71d52dda75df8195da1596406cc95c9b40d327c7d3f7295cf67c051a1e0

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
                                                                            Filesize

                                                                            264KB

                                                                            MD5

                                                                            a76d0d70d3a95cb597bd3fd9fd9229e2

                                                                            SHA1

                                                                            fd4a2697d630ee25c9ed6de53d382a6c07258350

                                                                            SHA256

                                                                            5fcd4ced02adbb16697bcbab590ca377bfda099f4eb53364390aafb007966849

                                                                            SHA512

                                                                            bd9050fc1702cf28cbda830db9b5d5bd480f7cfdfbc01686854459fabbcfb8e82b07527df80052f3ae1da8db0367b5df58b7a6c6af955e910403baf9d5224b30

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
                                                                            Filesize

                                                                            4.0MB

                                                                            MD5

                                                                            a05b4ac40eddfd56379a44ea471a3ce0

                                                                            SHA1

                                                                            dc98723a0f6ab1e80d5c6956477f6aee8a1ca115

                                                                            SHA256

                                                                            14561c4505063280026735725b6cddd1479a56683af8efe5da8b19df4ce35cf4

                                                                            SHA512

                                                                            a7380ffdfb2b86a3c4b3f1ecddbc0e92fd0cc244216cc1105ebc739d3f1892b36305603e7089de33943885595fe93e8c913bffc6b95e5d21b875c77107e58e46

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0
                                                                            Filesize

                                                                            44KB

                                                                            MD5

                                                                            7426c8b37f7924b346625f2c8804f2ac

                                                                            SHA1

                                                                            11a9edcf467e4ae4497af055b79d4d0b19332863

                                                                            SHA256

                                                                            79a29f063f5a65a2e943c3f460a86dcc70e37d4ff612301620df71e827e737ab

                                                                            SHA512

                                                                            5e9beb6e7492a19d117f59d522107645958f78fe804bbdc59ca273af2058a46f05dfd30fe7a929f8ae970db6d932c98c963ed7e3244bf94132755458fdf86af2

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
                                                                            Filesize

                                                                            264KB

                                                                            MD5

                                                                            a1ab7710b594e9fb75dc83ff1e2abb09

                                                                            SHA1

                                                                            308b411643856dd84dec10c123ee72fcac7b002b

                                                                            SHA256

                                                                            2452b61306e90bff6d03f37401681e9ea8875038be5406da489107d37eaaf3a9

                                                                            SHA512

                                                                            2fee7c7014dffdde484703667ab9c1072f4a8d4d395aacfa52f5b75734397554ac130b2485ec024883c0a2b6548aa0706bc9d34e2f23d4d31304eb4416652445

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2
                                                                            Filesize

                                                                            1.0MB

                                                                            MD5

                                                                            4e2e997da0ae227057e074c67afdb7fa

                                                                            SHA1

                                                                            0a0b4db63b5a84f0bbbd8b0d472e665be69697cb

                                                                            SHA256

                                                                            e8fca9c48d54e3405ad60c23ca5eaf2f15fb9a1d59b3936f178fcfac70a967e4

                                                                            SHA512

                                                                            cb721fb2c0a687fdf89041d9baac042e45991bdd57b1093968e16ba5230741f027c358c8e9f45bab4bf16461fd9145dfacf596e418f4cfda60694af4237ced3f

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3
                                                                            Filesize

                                                                            4.0MB

                                                                            MD5

                                                                            c73ceb946a84dd65c7571e065361ff89

                                                                            SHA1

                                                                            0188249b60156917726cece1be3ed2c5157841c4

                                                                            SHA256

                                                                            5ac5fb30df32a601b6b949cb1a86f869a07ee8b35df9d4cf2a2187681e699483

                                                                            SHA512

                                                                            f67fc989f0af95783654b6258b8061ec4eb69abb9065db26731eb76e735e6914ffd25b6ebbf4e018fc6899dbaa711af689e62fae4cac97d75d913f2047c2ced4

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
                                                                            Filesize

                                                                            329B

                                                                            MD5

                                                                            0ef6bd433030319e07f31b41f3c5fcb0

                                                                            SHA1

                                                                            7e41c507f4eb27524e206d10a9512d8193b6c385

                                                                            SHA256

                                                                            a46075d9512500f1690729a01e801a793e1bc44b9c9dc919ecbb7476a32c9753

                                                                            SHA512

                                                                            cce748b2d72926fe4803c3ed603999a707f155ee5045caaf6c52f17a4233c4d8d0b9b1f37b2aaeff1930d6934dcd0d1d43f70a0793e6e2ffc042825463fe6e4e

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            0d05da9a727cd0f72e93a84b6c065820

                                                                            SHA1

                                                                            0e509bf644e2627e52484a8981a161ef9cdb8da9

                                                                            SHA256

                                                                            4404f59e3eab8206dc7309dc3a22e2bc23ecbba961c1a7cb4fa2718d7448a957

                                                                            SHA512

                                                                            ff00e53356c3c72e36b3c8a8e2801dde97bbe1e395ad799c6baafbc95343ec24cceef40ffca2654e188b61f9ce6b9847634808ef9d416bd0ce27f39b8aa4f092

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                            Filesize

                                                                            2B

                                                                            MD5

                                                                            d751713988987e9331980363e24189ce

                                                                            SHA1

                                                                            97d170e1550eee4afc0af065b78cda302a97674c

                                                                            SHA256

                                                                            4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                            SHA512

                                                                            b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                            Filesize

                                                                            356B

                                                                            MD5

                                                                            128683e864e54f836eb46157b7b74299

                                                                            SHA1

                                                                            54d727ec0fcc52f602d24bd71eef1f80114c2bfd

                                                                            SHA256

                                                                            c6ba572c0b9a3210dbd51fbf7f8d88c76ddeb5c778c81e02e85bff8935c8482f

                                                                            SHA512

                                                                            ab79fa293c1ec1e65d5fdd2be8d26126a6811cda3e4e1cb5d97dd4f2c1ef2096a33941374fff7cfafba3ccf3dbbdf1b76a77771827546a33cb5ecc0dbc781f76

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
                                                                            Filesize

                                                                            333B

                                                                            MD5

                                                                            4f79cf17c28188baf9a692e3e2e5db07

                                                                            SHA1

                                                                            943f77e0dbd2cf2e30174d1481b1e94bd8a234c3

                                                                            SHA256

                                                                            df0b5286cbf86a722c4624b796033ab5766d595735ea3bd6cb52ff28b2f66da6

                                                                            SHA512

                                                                            34aa9528ad2fa0bed9a105bd1b6be68ec31ef9f6fa3ce90d5d58d7b8b55d5e50d8b168090544660e8023a0174ca66979c4c3bb8115f4a148dec7d8adfb223f0d

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
                                                                            Filesize

                                                                            345B

                                                                            MD5

                                                                            3b4d4ba250f149198b8e8f7e11153757

                                                                            SHA1

                                                                            80c15ddd3ffcba81db1b6166fdbfa3db985cb094

                                                                            SHA256

                                                                            f6ba024296aa1c587b48d759543db36dfa67061b144b48f739b5e6746452f132

                                                                            SHA512

                                                                            f099e91f289381afbccc99fe3a3c1a438f5d9bd2459ab651a7486c7d60652bca8e4934b0302a683e872cd9b3812cf4f7cc9f4defb0dd8a4831034469794ca84a

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
                                                                            Filesize

                                                                            321B

                                                                            MD5

                                                                            4e709e846ec40e0235689067b1b357fc

                                                                            SHA1

                                                                            9531f9d5154af44a73e9c128dadbb744f945f8a3

                                                                            SHA256

                                                                            1c1055841990b8c9587580c3b7a9fa7c05a29610ed869e87f0db4de44c329085

                                                                            SHA512

                                                                            b17fb59210a851efbc83be6b3a08226a5ede1dcd9bf440900f767f0d14edb256217fb5632b0faf77283eba3b0a35a73afdc8f1defd09398257d2973314e22377

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal
                                                                            Filesize

                                                                            8KB

                                                                            MD5

                                                                            84c181e7b37552c9dd33d3222a84ef9b

                                                                            SHA1

                                                                            0830ae7b1d94a87ff465ebe9c2176a53c811ea77

                                                                            SHA256

                                                                            0f66f4bb25aa81ac59eeae736ff19c246ba1b0ef0fe22b66a95c0490f4bb5a5a

                                                                            SHA512

                                                                            8db0bf007f36e21fae21f2b00f5d33f951f5d6247219234be73cde926e254d34d7006e365b00ccc8040ead79d3d6259bd2ed0f1411749fbb4184f1fa0d368931

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bbf486da-8296-432f-a3d6-5c54a931d52d.tmp
                                                                            Filesize

                                                                            1B

                                                                            MD5

                                                                            5058f1af8388633f609cadb75a75dc9d

                                                                            SHA1

                                                                            3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                            SHA256

                                                                            cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                            SHA512

                                                                            0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
                                                                            Filesize

                                                                            18KB

                                                                            MD5

                                                                            00f45aba8ba8c11b50a8a31af6df0dc5

                                                                            SHA1

                                                                            3c3530d51b30a0078f8a558d2aa8efc6b8e6f596

                                                                            SHA256

                                                                            f075dfeb2ddd43334088931be26d096e1964d85abbd512c5cba7086a28a1bba6

                                                                            SHA512

                                                                            d6c882cf4a2c1d466c3b740ca77bbb4655897ebb567d67e33beb47b5c8b60ebf898b21b4a59ff1996b5695d0f2620cb0aec44dd92423a92fa7a7e54a2fdbc4b8

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
                                                                            Filesize

                                                                            320B

                                                                            MD5

                                                                            1b3ecba88332d11eeeef25b76590e321

                                                                            SHA1

                                                                            5f15624434735b41feaa510d6d566b2beb08318d

                                                                            SHA256

                                                                            fc5bd51c944b06ae3cff026ed45e3f52490feab51b79eade9eb46150e0acb3c5

                                                                            SHA512

                                                                            238052f59c0c388213c6048d338aacc103922259408648a301e3743ad23ac5443acd2184e310b287bda12d7a3f65088eab56d6eeb8817a89901978c46d34f10e

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            a6c2c5cc285b5d72192ce84ae5e06bcf

                                                                            SHA1

                                                                            1efceb3580ea1ddca06d9249cf171b02ffd8d891

                                                                            SHA256

                                                                            c6cd34b6557c0d95dcaea8c800dc54f2fddcd49c085e3fb2690ca6edb550838b

                                                                            SHA512

                                                                            f5f571fa154e9e51f997c857609dbddbd00e94a999a37531a16bbcb3b5b57bb6ac732c0fa963b27b349c3a600da1435872ec7bf6172f909101555e7046bdc2e8

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
                                                                            Filesize

                                                                            338B

                                                                            MD5

                                                                            b0aa9bec043ff9aff26af8f1dd71930f

                                                                            SHA1

                                                                            11383047095d6ab93af60e0a1920ecd5deb6acc2

                                                                            SHA256

                                                                            8de9b9fa3349602d23c382723b0ff1facd50943cf248a91bdbf55a768cb7753b

                                                                            SHA512

                                                                            284550d068774072929fd347b6f8bf3aabf40f9ce6da49dea01762b00a6e919f81b12b37ebb118f7332ea0355c8c9d18a586e42533b5c8d5dec936fd9733e6f7

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
                                                                            Filesize

                                                                            14B

                                                                            MD5

                                                                            ef48733031b712ca7027624fff3ab208

                                                                            SHA1

                                                                            da4f3812e6afc4b90d2185f4709dfbb6b47714fa

                                                                            SHA256

                                                                            c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

                                                                            SHA512

                                                                            ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
                                                                            Filesize

                                                                            86B

                                                                            MD5

                                                                            f732dbed9289177d15e236d0f8f2ddd3

                                                                            SHA1

                                                                            53f822af51b014bc3d4b575865d9c3ef0e4debde

                                                                            SHA256

                                                                            2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

                                                                            SHA512

                                                                            b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                            Filesize

                                                                            152B

                                                                            MD5

                                                                            c2d9eeb3fdd75834f0ac3f9767de8d6f

                                                                            SHA1

                                                                            4d16a7e82190f8490a00008bd53d85fb92e379b0

                                                                            SHA256

                                                                            1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

                                                                            SHA512

                                                                            d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                            Filesize

                                                                            152B

                                                                            MD5

                                                                            e55832d7cd7e868a2c087c4c73678018

                                                                            SHA1

                                                                            ed7a2f6d6437e907218ffba9128802eaf414a0eb

                                                                            SHA256

                                                                            a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

                                                                            SHA512

                                                                            897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                            Filesize

                                                                            5KB

                                                                            MD5

                                                                            dc178962f31d251dfc5af91a5231b78e

                                                                            SHA1

                                                                            364f0d44eb695240221df3d992f0c5de362133b3

                                                                            SHA256

                                                                            bb2206e132e6f2141e3e10343c585a03f76c534152981b407e566ec937013bb9

                                                                            SHA512

                                                                            646d7144c036c951bce1c2823053a8ddd80604199ef44c10dc9d6d140177f44ac9fc751c6cc72974630b910fd1cb896a70a5d9b871a3ae34c20a3d921c9884c6

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                                                            Filesize

                                                                            264KB

                                                                            MD5

                                                                            f50f89a0a91564d0b8a211f8921aa7de

                                                                            SHA1

                                                                            112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                            SHA256

                                                                            b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                            SHA512

                                                                            bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\activity-stream.discovery_stream.json.tmp
                                                                            Filesize

                                                                            28KB

                                                                            MD5

                                                                            ab15622ae5775148d4fa5812b22d4dd0

                                                                            SHA1

                                                                            09ebabbff2a1b73693ed4a8d6334a6e6bf4f9fdc

                                                                            SHA256

                                                                            892d092cfba194f4d311323ec01d908dfbef35cdabe951bc42c56b71975cd208

                                                                            SHA512

                                                                            9c168c55918087c783e3d92b124f53e085253c481ee95fdc6c5fbf4c25d0cdb076b5d4a8b3efd1ff4ffcfbefc901d7ad21d40149aef63b7883104333288b9157

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878
                                                                            Filesize

                                                                            13KB

                                                                            MD5

                                                                            2ac456dc701e62edc96e7c78d7cb9908

                                                                            SHA1

                                                                            77961941f1194678e7bf8de65adf47ca91646790

                                                                            SHA256

                                                                            2fd9710ab3b50a69d47db9714e9ff7c8bc62c3e27a41eb653956c306dfb290da

                                                                            SHA512

                                                                            1dc1adecd1433ad41dc5c2e8842af71235a5e9e95788b0278194661bba2f91608c42199fbc5f2069b9063ea111bb68d9af1d65981c27a5a1dde5d79e9297656b

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308
                                                                            Filesize

                                                                            9KB

                                                                            MD5

                                                                            3e280f9bc237d3d8318c739e2b187fcc

                                                                            SHA1

                                                                            a5b2a7f6eada117515022fb2bb51b3b3e036fd85

                                                                            SHA256

                                                                            c295b96340477688ef02385ae629eb40439fff121f3d7e15133b63cb53b47e9f

                                                                            SHA512

                                                                            3aac11c20ce684ddb12f67fe2dcaef099620473725c73e9d48cb3b99d39b2782b2a83844f640b30f0138b23fe8f398b2f5b64c4d85f37e5558de77ee8cd950ef

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\1009342001\VBVEd6f.exe
                                                                            Filesize

                                                                            409KB

                                                                            MD5

                                                                            4ea576c1e8f58201fd4219a86665eaa9

                                                                            SHA1

                                                                            efaf3759b04ee0216254cf07095d52b110c7361f

                                                                            SHA256

                                                                            d94206d9509cc47cae22c94d32658b31cf65c37b1b15ce035ffaa5ce5872ad2f

                                                                            SHA512

                                                                            0c7462bc590d06f0ead37246f189d4d56e1d62ff73f67bf7e2ce9c653d8c56812a5f1306fb504168f7e33b87485c3465ea921a36f1ba5b458d7763e45c649494

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\1009351041\PeRVAzl.ps1
                                                                            Filesize

                                                                            3.0MB

                                                                            MD5

                                                                            2b918bf4566595e88a664111ce48b161

                                                                            SHA1

                                                                            e32fbdf64bb71dc870bfad9bbd571f11c6a723f4

                                                                            SHA256

                                                                            48492827286d403668996ae3814b2216b3b616f2fb4af2022bf3d2fc3f979a26

                                                                            SHA512

                                                                            e3d58adbe13befe91fb950cc52b16d6d2fcb8f6d65bab4020222713207b07ce78b76e2e2532cf3de23149e934ba1e1cb9046a95a18424a668bfa4a355af6f44a

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\1009456001\701ff1219c.exe
                                                                            Filesize

                                                                            901KB

                                                                            MD5

                                                                            cdc59bd1b27b4f3b7c58dced455c2616

                                                                            SHA1

                                                                            c14d1868e95b63607d167aa7f37e0947ba1dd0ad

                                                                            SHA256

                                                                            a09e80ad0b055a1a7222999a6ff6190785a9f2c707e785bc0696615dac85eb28

                                                                            SHA512

                                                                            4c52a3470545701bc0b083c9abd847d74920b198d52c2ac225dc4448d0d8c7388ffd34f52cc43b225b64dfc52f19b79fba24af77c9a48d0b90550c259bec45a2

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\1009458001\eb3ffc280d.exe
                                                                            Filesize

                                                                            4.2MB

                                                                            MD5

                                                                            8bbc0ba3f7e3de90ec5e840675fb4312

                                                                            SHA1

                                                                            d55c0017d44c6f92dab0a4590239633ae0d39c6d

                                                                            SHA256

                                                                            61b556e5d3b3f6005b4d8074e31cb3b3fd99a285b62e8f141c5ee52bdfeb9e44

                                                                            SHA512

                                                                            6a6fe43be875d44235b09f4b64fe54a0e3a2c426b314f236291c46f614774ebd3151ece273601f626c684a89138e452b713250d118f954694fef866775f740f6

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4J089A.exe
                                                                            Filesize

                                                                            2.6MB

                                                                            MD5

                                                                            0240b7c66d6cf79bfd7b95fff6fd9dc3

                                                                            SHA1

                                                                            5dcf8ea00a049abe9b866ee4e1f29d62ee656731

                                                                            SHA256

                                                                            b963ad296429c0ae779b103479fa31a61de119987601b520aaf02f5e2e81390c

                                                                            SHA512

                                                                            5766ddbba3e2ff1f2b2bbc691dca1ce2d5f3289efd55d1bd118f999c382f576c21d67d443e6996ed20dbeef0c3c602193efe0c5d096d98438d3c6887e84bce4f

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\B0s53.exe
                                                                            Filesize

                                                                            5.5MB

                                                                            MD5

                                                                            0a07b96b8ba7bd2ba52f9ec28e562f1e

                                                                            SHA1

                                                                            792ec7b96f6ba05f9fa14adcf93b63f4dc40e168

                                                                            SHA256

                                                                            48858c934f5040b3437f05a1ef97bb522af18bd457faa4f459abd27293b1807b

                                                                            SHA512

                                                                            d024f4ce2f8922783e22404cf85738d299a5df537fb8fcb8cd3717acc10a307f2444825bbfe8b91bf30668e47cd4692c293cc049f673f1557aef5c4e8e6e1c2f

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3a36L.exe
                                                                            Filesize

                                                                            1.7MB

                                                                            MD5

                                                                            d93fd3795d6fa86e06402a2f11be46ba

                                                                            SHA1

                                                                            e670eaaaf23433fa7a27125af0291fcf0df95885

                                                                            SHA256

                                                                            35b12ada409eee049b0fca0d3869bada83cc98dc1cfacd23c74a43d56ccff59d

                                                                            SHA512

                                                                            c25cb5bbdbb0621185c131781e2bafa75e0adbc53bd18ef8916eb469f037ab72341b5b93742074939364e23f297403beb513bbd8ae17d0baa82df01ec25acc1f

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\T5h09.exe
                                                                            Filesize

                                                                            3.7MB

                                                                            MD5

                                                                            93770d9fab88f8fae8c87c5679f13801

                                                                            SHA1

                                                                            da5fa59271fb629eae41f26586d6f709c80180f6

                                                                            SHA256

                                                                            cf9a93544fc5e3f46f271b6d0aa055c975101ee969c9009197fff6a847ced418

                                                                            SHA512

                                                                            0203a4ebc699be3dbd6e0deed13f0ed0b3044bf30cc37629a186cbef8ad4282096990fa78a12ec3e43f025334fca93bdb4ab42f679189d18e74721e02103fcef

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1t88s7.exe
                                                                            Filesize

                                                                            1.8MB

                                                                            MD5

                                                                            7920daea894cc2ef008794411bb22462

                                                                            SHA1

                                                                            7ad8259a1e1945809db9306ab3aa6ebb3d569501

                                                                            SHA256

                                                                            53e9caad40cf2402f81425dfa2e3c3be4a6f9d09b1c9621735bfc67674ad82a1

                                                                            SHA512

                                                                            f3b9351e828bd24ffef316ed451525f8d491067ebe278db6857dc2587479b395f921ce1a2151359c74d5fe04a4ff7eecd0d59680e821fc96ce3894fa78734876

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2k5210.exe
                                                                            Filesize

                                                                            1.8MB

                                                                            MD5

                                                                            c1756ba8e668171e8a8222cb72b339cf

                                                                            SHA1

                                                                            08c69f22e986d3e2844a995b6081fb04dea78c9a

                                                                            SHA256

                                                                            b2f68e815f18b56d167d9aa0b4e4752e62a3a355a84198fe64692245d653ebc5

                                                                            SHA512

                                                                            a515bba1ab918aa7014ff1af0a77ea2b7b084305230f826326f1b2b7e686c30e0f4276818228bf7b4e361ddb60732a4a3f72a0485220157880db8b5dbc6583b3

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xdyugtal.niy.ps1
                                                                            Filesize

                                                                            60B

                                                                            MD5

                                                                            d17fe0a3f47be24a6453e9ef58c94641

                                                                            SHA1

                                                                            6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                            SHA256

                                                                            96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                            SHA512

                                                                            5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                                                                            Filesize

                                                                            479KB

                                                                            MD5

                                                                            09372174e83dbbf696ee732fd2e875bb

                                                                            SHA1

                                                                            ba360186ba650a769f9303f48b7200fb5eaccee1

                                                                            SHA256

                                                                            c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                                                            SHA512

                                                                            b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                                                                            Filesize

                                                                            13.8MB

                                                                            MD5

                                                                            0a8747a2ac9ac08ae9508f36c6d75692

                                                                            SHA1

                                                                            b287a96fd6cc12433adb42193dfe06111c38eaf0

                                                                            SHA256

                                                                            32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                                                                            SHA512

                                                                            59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\AlternateServices.bin
                                                                            Filesize

                                                                            8KB

                                                                            MD5

                                                                            1564fb6fc9218f6d9daeec91e1dc4953

                                                                            SHA1

                                                                            5e7c29cad967072c2716aa226bb70648f8953da5

                                                                            SHA256

                                                                            d9ee66accb1874d94f6b5dee721fbf5dbb94062976eaed134c38dc8ad4bc49eb

                                                                            SHA512

                                                                            7e2abc7760015e28db52466ba0aa063d63f517ee1d07f6fe0cd880076d7dc63e5004ffe64c69ad525d55bd25d3abbd25ad312ffa6fd9d001be30924f390d2dad

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\AlternateServices.bin
                                                                            Filesize

                                                                            18KB

                                                                            MD5

                                                                            d38d0a65487d9ccc8bf712b2606fa442

                                                                            SHA1

                                                                            3ac871f3922c5e35790d7b274f8e2e438b2bdb53

                                                                            SHA256

                                                                            46b2499d9fa7f245c2b06d428debca81480f4f195e7912baec7f2b6b663ea1c9

                                                                            SHA512

                                                                            ee9df624f9af1a3981ccf6765227070434a0e1a05a38e865dd1e4632582023d0da28c05ec42f6070fa25b4666d7325d7977accebdbd04dbc2fad23a2a0f265f7

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.bin
                                                                            Filesize

                                                                            23KB

                                                                            MD5

                                                                            7915a6d5762f0e1a2793b2c2b6f1ff10

                                                                            SHA1

                                                                            88aa432f99e7e86f92d4ac0e62f5bb1ece073e66

                                                                            SHA256

                                                                            2d1b570d3ec7790cbc5d0aada0e8a986a5e9f5fd2ed5000cb28e744adfd60440

                                                                            SHA512

                                                                            171b4d31d3b279c84aa37906033de69969484bc734bcc0448ec4bc46d0fdee7e50e0f568b3bf71fe202404453f650f3afef6632ccbbf30638fc371bdf3b51e3d

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.bin
                                                                            Filesize

                                                                            22KB

                                                                            MD5

                                                                            3f0a06c02db872c4491d2c0e7dd47f35

                                                                            SHA1

                                                                            19a92c20a24aafeed6f18349a97cbb37f231ce43

                                                                            SHA256

                                                                            1be2f137448eceaf8022da12d685c3b9eb6de29974bd39fba283aaf9e3b09100

                                                                            SHA512

                                                                            c77ee4c43946ec6fdb1d06962212c7ac50616077886c1f7d72ae624275602ccc700e6e5f550a13f3c4eff155e55b2bbaa2eb3a01e5eb8bb4d50fcbe9b2ff415a

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.bin
                                                                            Filesize

                                                                            25KB

                                                                            MD5

                                                                            5a3c53145cb499a1c4516cf6b97b826d

                                                                            SHA1

                                                                            a14d54d105cfd338f62f48d873a90ec4584af55d

                                                                            SHA256

                                                                            c4adb5b863a2889d44da4c4a61848bfce702ffa8bac605d646da659df6e458a6

                                                                            SHA512

                                                                            1991683a1cce66614660574ad8810199d10e1465d6336bcfc8e9e2f2e7faa1f3fb36a1074a77840ddc6fd4a80a6f6109fc1137ab2ea4fed03db1a685fef7bbab

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.bin
                                                                            Filesize

                                                                            23KB

                                                                            MD5

                                                                            52167396b4a899c0b1769f79741f3b91

                                                                            SHA1

                                                                            eb24b7b8d79f2385567e956f0b694a855af7a900

                                                                            SHA256

                                                                            a77225628b1b8dd8a8f3e5d2c10217f4adc501c364a7fd7a6c663016d8feea1b

                                                                            SHA512

                                                                            7bc9dde8279de928eeed2af93d23f4a61b626f9d496fe294353a79a68993a01f3af35d20f085f9d2116509dc76fb4b05dcf715cdd880b2732f348f3d4b4e592a

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.bin
                                                                            Filesize

                                                                            24KB

                                                                            MD5

                                                                            0d4ba1ef87b4d19fbfab53c7f9eea2c5

                                                                            SHA1

                                                                            75423015aafd1ace744fe4a17b8553bfc76341b4

                                                                            SHA256

                                                                            fd6b0f89750cd3d3166c48dc1dd37a42debaddcc0c29a7ad3765171da106c8b5

                                                                            SHA512

                                                                            e1bde4df00eeab52e8ae7d070902f601cd93f7625354cd7bd9859ebe939cf5ce735021b5ac0cc2d93c710527c8d85890534f1a73b1db22b75bc6bdeaaf465954

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp
                                                                            Filesize

                                                                            22KB

                                                                            MD5

                                                                            6579ba849a54c6b95239c0f822a53b31

                                                                            SHA1

                                                                            7f32cd28a4eb21ba23845f57985c1272835e7552

                                                                            SHA256

                                                                            4e961cf270d78bc83f98e2559613a3d52495ee259bbb5d1b61eb83ffdccbe1a1

                                                                            SHA512

                                                                            603c097342b2ef227f8c3b6c0cd406a1e673e52a583814f525bc9d9cdb2fd5f2405ae6cdbedd9a9fb9617f558caa2f9f856463435ea069fe2e57b4f7a52999ac

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp
                                                                            Filesize

                                                                            25KB

                                                                            MD5

                                                                            f67f9625d77c956fe7c24d6305ef46ed

                                                                            SHA1

                                                                            33b495660dfd5d655e2928f8d0742006d80101d0

                                                                            SHA256

                                                                            297bbe7b4bca731314e79f09c8af4d78482fd5a76449e6e806a3888ea9c2c136

                                                                            SHA512

                                                                            1d682b8570f5b53067b516d8490c9ebd16b9490f35dfe2ae0d23bbfa43d603b87873b7865bd0893299515da93ffd7b98085e05973fe6602707032656d401846a

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp
                                                                            Filesize

                                                                            22KB

                                                                            MD5

                                                                            07258c99bdf762a055e96b98bee868dd

                                                                            SHA1

                                                                            2f05d33eee7e66cdef25bf7cc9312536320c486f

                                                                            SHA256

                                                                            612547a50b0e087650bfff27174eee23447bd28c1b3ab49fc88ef6c41e2e7b7a

                                                                            SHA512

                                                                            0b8721a81807c0e5bc4b45ad83d0fb38aabae0705af784517224031642a6867c9991d91f54898f824f5959d19206cac0b2b6b9a45c6c3fec95b2b93e48862546

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\6fe9638a-9f56-4de1-9b2c-09e6f8c933c3
                                                                            Filesize

                                                                            982B

                                                                            MD5

                                                                            7df3ace44e1ab39e1f373c8c0a1de91b

                                                                            SHA1

                                                                            0ccec92b475d2dddb60f059546de517a06eed2ba

                                                                            SHA256

                                                                            2e52544278414b6ae61f775a3d7a6da5673be7a92dd498fbe63f30b44222f33d

                                                                            SHA512

                                                                            c902108bbb2934c0bce12d656576df413f4840e79ff88e52dd8803a131f546dd8889d718105d7dd0289022123c1a825345325d5d35775987b18c51d2cf202b4d

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\8695e0c0-c6a9-497e-8bc5-49b938ad3553
                                                                            Filesize

                                                                            659B

                                                                            MD5

                                                                            f7a15a16e8ee9132336d65fa6d934b15

                                                                            SHA1

                                                                            fa6fb4e34768c0d048a7f475ea7fbcf3c02bd0b9

                                                                            SHA256

                                                                            345fe0c2912c15b2cdad2219f68cf5afc29a1642739ebbadfb4657f1c6aa4196

                                                                            SHA512

                                                                            4f5606bb9a48372b79a79afc8ac0f48ff73153ab458e5b1322d9453c86fecd42c481f750e02470e399e33bd52e5d3dc1442dcbf493b6ceacf2aee8845f766540

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                                                                            Filesize

                                                                            1.1MB

                                                                            MD5

                                                                            842039753bf41fa5e11b3a1383061a87

                                                                            SHA1

                                                                            3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                                                                            SHA256

                                                                            d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                                                                            SHA512

                                                                            d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                                                                            Filesize

                                                                            116B

                                                                            MD5

                                                                            2a461e9eb87fd1955cea740a3444ee7a

                                                                            SHA1

                                                                            b10755914c713f5a4677494dbe8a686ed458c3c5

                                                                            SHA256

                                                                            4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                                                                            SHA512

                                                                            34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                                                                            Filesize

                                                                            372B

                                                                            MD5

                                                                            bf957ad58b55f64219ab3f793e374316

                                                                            SHA1

                                                                            a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                                                                            SHA256

                                                                            bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                                                                            SHA512

                                                                            79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                                                                            Filesize

                                                                            17.8MB

                                                                            MD5

                                                                            daf7ef3acccab478aaa7d6dc1c60f865

                                                                            SHA1

                                                                            f8246162b97ce4a945feced27b6ea114366ff2ad

                                                                            SHA256

                                                                            bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                                                                            SHA512

                                                                            5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs-1.js
                                                                            Filesize

                                                                            12KB

                                                                            MD5

                                                                            86310daec7b2d2a6278a33700fd14d40

                                                                            SHA1

                                                                            0c6bfa54e55e1179ef1da9cc24f57998282a6f5a

                                                                            SHA256

                                                                            b6341a57ecb5da3b8e243a1b1dd748d000740f20a4586989f5864e9a41359822

                                                                            SHA512

                                                                            e9290b23843a1725c08861e6343014b39342f1a04206d8f69516c0e3814545b2741a1d146aff9307e4f6491a32878e7b043db4a0b10c3012f890804a6f3d25bc

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs-1.js
                                                                            Filesize

                                                                            15KB

                                                                            MD5

                                                                            566148dbc5577e221132cb0a4f2cdd7d

                                                                            SHA1

                                                                            779d9950c357837e8fd1d65fb09359ffcffa29ff

                                                                            SHA256

                                                                            718e00488b54c4aa972db393a3a5242c3ee9a5fe12f9378281dab909f2aca451

                                                                            SHA512

                                                                            b34519c69dc49deb57f09653debaef14b2b32d7fc2757dd72d810c1ff122b382bc60d5d95fc73b2661bbdabbf48765a45670844ed0c6a1eaa140b5e6aae1ec1a

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs-1.js
                                                                            Filesize

                                                                            10KB

                                                                            MD5

                                                                            d89f80c6cd7030b5202a2b8bb341bcb0

                                                                            SHA1

                                                                            d6d89b620742d5c4d634fd1f71ac7d82163b6f27

                                                                            SHA256

                                                                            74e7ac62ca8fd2e6235a8b5b3e1817dd3aa54a48525ecbdf274afbbeb46061d1

                                                                            SHA512

                                                                            45599aaccb8a8236fb01e06deb5f9fc2f6eb428e4c582e5752a432fd22dde8c88abdef2e6efdf4b9ab0f32a3b09a1f738be0e887d373ed2047597c2b42c29004

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs.js
                                                                            Filesize

                                                                            11KB

                                                                            MD5

                                                                            02f44ebc5aa07df435fbf6395f2295b3

                                                                            SHA1

                                                                            5a51f862898d0cca6d12e7cb697ec7e730739537

                                                                            SHA256

                                                                            b51d3093a4510784b6f88c3129c24f66816f607d53565e34eb066b7e1df6a89c

                                                                            SHA512

                                                                            8ffae3b3755faadde1067a5fa2bb24126968a802c6f49d1efbcf64b28f394550b71c5a76e26f4742f005972699047159414585b30512b4fca9a566a8ea8cb3fb

                                                                            Download Submit

                                                                          • \??\pipe\crashpad_2388_HKTVBXCOIEHHGVPE
                                                                            MD5

                                                                            d41d8cd98f00b204e9800998ecf8427e

                                                                            SHA1

                                                                            da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                            SHA256

                                                                            e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                            SHA512

                                                                            cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                            Download Submit

                                                                          • memory/1144-2318-0x0000000000700000-0x000000000136B000-memory.dmp

                                                                            Filesize

                                                                            12.4MB

                                                                            Download

                                                                          • memory/1144-5599-0x0000000000700000-0x000000000136B000-memory.dmp

                                                                            Filesize

                                                                            12.4MB

                                                                            Download

                                                                          • memory/1144-2266-0x0000000000700000-0x000000000136B000-memory.dmp

                                                                            Filesize

                                                                            12.4MB

                                                                            Download

                                                                          • memory/2016-21-0x00000000006D0000-0x0000000000B7E000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/2016-35-0x00000000006D0000-0x0000000000B7E000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/2312-2321-0x0000000000400000-0x000000000066D000-memory.dmp

                                                                            Filesize

                                                                            2.4MB

                                                                            Download

                                                                          • memory/2312-66-0x0000000000400000-0x000000000066D000-memory.dmp

                                                                            Filesize

                                                                            2.4MB

                                                                            Download

                                                                          • memory/3652-68-0x0000000000510000-0x00000000009BE000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/3652-34-0x0000000000510000-0x00000000009BE000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/3652-100-0x0000000000510000-0x00000000009BE000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/3716-1435-0x0000000000880000-0x0000000000B2C000-memory.dmp

                                                                            Filesize

                                                                            2.7MB

                                                                            Download

                                                                          • memory/3716-48-0x0000000000880000-0x0000000000B2C000-memory.dmp

                                                                            Filesize

                                                                            2.7MB

                                                                            Download

                                                                          • memory/3716-51-0x0000000000880000-0x0000000000B2C000-memory.dmp

                                                                            Filesize

                                                                            2.7MB

                                                                            Download

                                                                          • memory/3716-305-0x0000000000880000-0x0000000000B2C000-memory.dmp

                                                                            Filesize

                                                                            2.7MB

                                                                            Download

                                                                          • memory/3716-50-0x0000000000880000-0x0000000000B2C000-memory.dmp

                                                                            Filesize

                                                                            2.7MB

                                                                            Download

                                                                          • memory/4424-40-0x0000000000610000-0x0000000000AC0000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/4424-39-0x0000000000610000-0x0000000000AC0000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/4752-143-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-151-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-77-0x0000000004DB0000-0x0000000004DE6000-memory.dmp

                                                                            Filesize

                                                                            216KB

                                                                            Download

                                                                          • memory/4752-79-0x0000000005420000-0x0000000005A48000-memory.dmp

                                                                            Filesize

                                                                            6.2MB

                                                                            Download

                                                                          • memory/4752-80-0x0000000005390000-0x00000000053B2000-memory.dmp

                                                                            Filesize

                                                                            136KB

                                                                            Download

                                                                          • memory/4752-1424-0x000000000B610000-0x000000000B6A2000-memory.dmp

                                                                            Filesize

                                                                            584KB

                                                                            Download

                                                                          • memory/4752-122-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-133-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-82-0x0000000005C80000-0x0000000005CE6000-memory.dmp

                                                                            Filesize

                                                                            408KB

                                                                            Download

                                                                          • memory/4752-83-0x0000000005CF0000-0x0000000005D56000-memory.dmp

                                                                            Filesize

                                                                            408KB

                                                                            Download

                                                                          • memory/4752-94-0x0000000005D60000-0x00000000060B4000-memory.dmp

                                                                            Filesize

                                                                            3.3MB

                                                                            Download

                                                                          • memory/4752-102-0x00000000063F0000-0x000000000643C000-memory.dmp

                                                                            Filesize

                                                                            304KB

                                                                            Download

                                                                          • memory/4752-101-0x0000000006350000-0x000000000636E000-memory.dmp

                                                                            Filesize

                                                                            120KB

                                                                            Download

                                                                          • memory/4752-119-0x000000000A330000-0x000000000A572000-memory.dmp

                                                                            Filesize

                                                                            2.3MB

                                                                            Download

                                                                          • memory/4752-171-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-124-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-125-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-120-0x0000000006800000-0x000000000689C000-memory.dmp

                                                                            Filesize

                                                                            624KB

                                                                            Download

                                                                          • memory/4752-121-0x000000000BB20000-0x000000000C0C4000-memory.dmp

                                                                            Filesize

                                                                            5.6MB

                                                                            Download

                                                                          • memory/4752-127-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-129-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-159-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-181-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-131-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-135-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-137-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-139-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-141-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-145-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-147-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-149-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-1425-0x000000000B6B0000-0x000000000B74C000-memory.dmp

                                                                            Filesize

                                                                            624KB

                                                                            Download

                                                                          • memory/4752-153-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-155-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-157-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-161-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-163-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-165-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-167-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-169-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-173-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-175-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-177-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/4752-179-0x0000000006800000-0x0000000006898000-memory.dmp

                                                                            Filesize

                                                                            608KB

                                                                            Download

                                                                          • memory/5100-43-0x00000000006D0000-0x0000000000D69000-memory.dmp

                                                                            Filesize

                                                                            6.6MB

                                                                            Download

                                                                          • memory/5100-45-0x00000000006D0000-0x0000000000D69000-memory.dmp

                                                                            Filesize

                                                                            6.6MB

                                                                            Download

                                                                          • memory/5148-1482-0x00000000058B0000-0x00000000058BA000-memory.dmp

                                                                            Filesize

                                                                            40KB

                                                                            Download

                                                                          • memory/5148-1427-0x0000000000400000-0x0000000000410000-memory.dmp

                                                                            Filesize

                                                                            64KB

                                                                            Download

                                                                          • memory/5184-306-0x0000000000E90000-0x0000000001340000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/5184-1539-0x0000000000E90000-0x0000000001340000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/5184-2071-0x0000000000E90000-0x0000000001340000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/5276-1452-0x0000000000840000-0x0000000000ED9000-memory.dmp

                                                                            Filesize

                                                                            6.6MB

                                                                            Download

                                                                          • memory/5276-1456-0x0000000000840000-0x0000000000ED9000-memory.dmp

                                                                            Filesize

                                                                            6.6MB

                                                                            Download

                                                                          • memory/5776-2327-0x0000000000510000-0x00000000009BE000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/5776-2329-0x0000000000510000-0x00000000009BE000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/6388-5618-0x0000000000510000-0x00000000009BE000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/6776-2061-0x0000000000300000-0x00000000005AC000-memory.dmp

                                                                            Filesize

                                                                            2.7MB

                                                                            Download

                                                                          • memory/6776-2184-0x0000000000300000-0x00000000005AC000-memory.dmp

                                                                            Filesize

                                                                            2.7MB

                                                                            Download

                                                                          • memory/6776-2183-0x0000000000300000-0x00000000005AC000-memory.dmp

                                                                            Filesize

                                                                            2.7MB

                                                                            Download

                                                                          • memory/6776-2277-0x0000000000300000-0x00000000005AC000-memory.dmp

                                                                            Filesize

                                                                            2.7MB

                                                                            Download

                                                                          • memory/6776-2293-0x0000000000300000-0x00000000005AC000-memory.dmp

                                                                            Filesize

                                                                            2.7MB

                                                                            Download